Just Google for the search term ‘“active defense” startup’ and it is clear that this is a hot growth area in Internet security. But what is it, exactly? The answer to that question is difficult and controversial.
The newly published Preliminary Cybersecurity Framework from NIST, part of the federal effort to help critical infrastructure owners and operators reduce cybersecurity risks, is now available for review, with some interesting new language and a final workshop scheduled for November.
Are legislation and regulation a viable means of making people and organizations do better at securing data systems and devices? I’m not talking about FIAT the car maker, but fiat: “an official order given by someone who has power.” How’s that working in light of NIST CSF and HIPAA?
Cybersecurity insurance or “cyber insurance” was a hot topic at the latest NIST workshop on the critical infrastructure cybersecurity framework (CSF) in Dallas. Will the CSF become a standard used by insurers to determine rates?
What needs to happen before the President of the United States can stand before the American people and assure them that a comprehensive and good faith effort has been made to stop cyber attacks disrupting the delivery of essential goods and services? The NIST workshops are seeking answers to that question.
In the ongoing effort to protect cyber aspects of America’s critical infrastructure, the third NIST Cybersecurity Framework workshop is being hosted July 10-12, 2013 by the University of California, San Diego, and the National Health Information Sharing and Analysis Center.
More than half of British companies could be at risk of cyber attack, after a survey found that IT departments had not begun the process of migrating from Windows XP- with just a year left before Microsoft stops offering support for the ageing OS.
The value of educating people about cyber security is hotly debated these days, with opposing views on security awareness training coming from Bruce Schneier and Ira Winkler. Stephen Cobb weighs in.
Does your company have a written information security program? If not, you could be an easy target for cybercriminals AND end up on the wrong side of the law, regardless of where your company is located or what size it is. Which law? Something they passed about two years ago in the Commonwealth of Massachusetts,